[rancid] Debugging Logins for netscreen and procurve switches

Remsik,Robert Robert.Remsik at colostate.edu
Mon Aug 15 19:51:44 UTC 2016 

Using the FAQ as a reference (thank you) I was able generate a string that I can use to login to the device manually.


$ssh -v -oHostKeyAlgorithms=+ssh-dss -oKexAlgorithms=+diffie-hellman-group1-sha1 login.name at x.y.148.230

When running rancid-run, rancid runs and generates the log files.  When I run hlogin [ip] it does not work.

$ /opt/rancid/bin/nlogin -t 90 -c "get system;get conf" x.y.148.230
spawn ssh -c 3des -x -l login.name x.y.148.230
Unknown cipher type '3des'

Error: Couldn't login: x.y.148.230

So my next thought is hrancid isn't passing the correct information to hlogin (even though the ssh algorithm and kex algorithms are specified in ssh.config file.

$ ./nrancid -d -t netscreen x.y.148.230
executing nlogin -t 90 -c"get system;get conf" x.y.148.230
x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
x.y.148.230: missed cmd(s): all commands
x.y.148.230: End of run not found
x.y.148.230: End of run not found

I can edit the nlogin file to explicitly ask pass the cypher type as per the expect function, but I thought was what the point of this function was supposed to do (and far my dynamically than my static configuration)?  Do I need to modify it to read the .ssh config file?

    # Figure out cypher type
    if {[info exists cypher]} {
        # command line cypher type
        set cyphertype $cypher
    } else {
        set cyphertype [find cyphertype $router]
        if { "$cyphertype" == "" } { set cyphertype "3des" }
    }

One other thing I noticed was the home directory of the rancid user is /home/rancid versus /opt/rancid(where my sys admin compiled and stored it).  I had to add the below the .bashrc to enable rancid to be able to run at all.  Is this the root of the issue?
## Changing $HOME directory to allow rancid to run
## $HOME is referenced in the rancid clogin files
export HOME="/opt/rancid"



Thank you in advance,



Robert Remsik

ACNS

Desk Phone: 970 491 7120

Robert.Remsik at colostate.edu


________________________________
From: heasley <heas at shrubbery.net>
Sent: Friday, August 12, 2016 6:06 PM
To: Remsik,Robert
Cc: rancid-discuss at shrubbery.net
Subject: Re: [rancid] Debugging Logins for netscreen and procurve switches

Thu, Aug 11, 2016 at 09:32:38PM +0000, Remsik,Robert:
> Hello!
>
> I'm using a fresh install of Rancid 3.4.1 and I'm trying to get
>
> logins to netscreen devices and hp procurve devices to work with no success so far.  Rancid can successfully login to other devices of different types.
>
> The device is defined as (below) in the router.db file.
>
> #comment
> x.y.148.230;netscreen;up
>
> The log throws the error message of:
>
> x.y.148.230: missed cmd(s): all commands
>
> x.y.148.230 nlogin error: Error: Couldn't login: x.y.148.230
> x.y.148.230: End of run not found
>
> Any help is appreciated, thank you in advance!

please start with the FAQ S3 Q2.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/rancid-discuss/attachments/20160815/90c63419/attachment.html>

More information about the Rancid-discuss mailing list